4 Steps to the Security Industry's Economic Survival

We all know the economy is in bad shape. At SOURCE Boston 2009, Martin Roesch and other security industry heavyweights offered these tips for surviving the bad times and preparing to thrive when skies brighten.

Everyone is focused on clinging to a job or finding a new one in these dark economic times. In doing so, avoiding controversy and risk is usually standard operating procedure. But it shouldn't be, according to several security industry heavyweights who attended the recent SOURCE Boston conference.

Peter Kuper, a managing partner at HypAdvisor Consulting LLC and former head software analyst at Morgan Stanley, said there's no better time than now to take risks -- whether it involves repositioning careers or launching new security ventures. The economy will eventually revive, and industry professionals will be better positioned to thrive when that time comes if they use the bad times to create and perfect something new.

"The good news is this [recession] had to happen to clean out the bad and make room for the stronger," Kuper said, suggesting that the stronger will be today's risk takers. "What will you do as an individual or a company to position yourself for when things get better?"

He offered a series of suggestions, as did other security industry luminaries. To that end, here are four potential steps to getting through the economic collapse and emerging stronger when recovery rises from the ashes:

1. Start a new company

If you have a lot of pent-up security savvy and can't put it to good use because the job has been eliminated or the contracts have dried up, the time is ripe for launching a new security venture, be it a consultancy or technology vendor. This may seem like a crazy thing to do in the worst economic downturn since the Great Depression, but Kuper sees it as one of the sanest moves one can make right now.

"Today is the best time to start a new company because instead of immediately trying to catch up to the big companies, there's going to be at least a year or two where you can build the business right and be in a position to charge out of the gate when the economy improves," Kuper said.

Sharing that philosophy is David Mortman, a Columbus, Ohio-based CSO in residence at Echelon One LLC.

"I'm no financial analyst, but this seems like a really good opportunity for people who are starting up companies," he said. "There isn't the expectation to perform like there was two or five years ago, and you'll have a year to two years to develop your product without the traditional venture-capital expectations of going into the middle of a park, shaking a tree and making money fall out."

2. Help companies boost productivity

If you work for a company or you're a vendor trying to sell a new security tool, Kuper suggests trying to convince your target audience that you have something to offer that'll address today's fundamental need of doing more with less.

He noted that the current recession is a new experience for the security industry as a whole. Many security companies and individuals came into their own after the last recession in 2001-2002, and for them doing more with less is a new experience.

With that in mind, Kuper said people are looking for security tools, services and software that'll help boost productivity. (For example, see How to Make a Business Case for Identity Management.) Vital ingredients for this include broad scalability and seemingly reasonable pricing. No vendor wants to give their product away, but if they can offer companies a good deal now, the customer will probably remember and appreciate it in the future.

3. Show your importance by forcing the vendor's hand

For new security start-ups, a key to success today will be in how one exploits the precarious position larger and more established vendors are in.

The same rule applies for individuals who want to strengthen their hand in their current place of employment.

To that end, Kuper said the time is right to push security vendors hard. In the quest for the best pricing and quality, playing vendors like Symantec and McAfee against each other is a logical course. If there's an existing vendor who has succeeded in getting more money out of you in recent years, it's time to turn the tables.

"Security companies will be more willing to give discounts right now," Kuper said. "They can't afford to lose existing customers, so take advantage of that."

4. Find and exploit silver linings in the cloud

While this may be a good time to start a new venture, some of the established security vendors at SOURCE said they have no plans to throw in the towel, including Sourcefire Founder and CTO Martin Roesch. Despite the economic downturn, he says there are things a company will always have to spend money on. Sourcefire's plan is to convince those companies that its products are the strongest and most cost-effective way to maintain security in the midst of the recession.

"At Sourcefire, despite the economic environment, we grew pretty substantially in the last year," said Roesch, creator of the widely popular Snort open source IDS tool. "Despite the macro conditions, PCI DSS doesn't go away, HIPAA doesn't go away, so we in security can be thankful we're in the industry we're in."

That said, he always worries about things going south in six months, and he acknowledged Sourcefire is putting some effort into being strategically prepared to keep its head above water if the flood crashes through its front door. For him, that means keeping up the focus on addressing companies' never-ending compliance needs.

Copyright © 2009 IDG Communications, Inc.
